Kniha Security in the Pipeline RAFAEL SANDERS

Security in the Pipeline

DevSecOps: Shift-Left Security, SAST, DAST, and Secrets Management for Engineering Teams

Jazyk: Angličtina
Vazba: Brožovaná
Dostupnost: Skladem u dodavatele
Odesíláme za 14-21 dnů
532
Modern software moves fast.But speed without security creates risk-vulnerabilities slip into product...

Informace o knize

Jazyk
Angličtina
Vazba
Kniha - Brožovaná
Vydáno
2026
Stránek
272
EAN
9798199171472
Enbook ID
52816762
Hmotnost
334
Rozměry
152 x 229 x 17

Kompletní popis

Modern software moves fast.

But speed without security creates risk-vulnerabilities slip into production, secrets leak into repositories, and insecure dependencies quietly accumulate across pipelines. Security cannot be an afterthought anymore; it must be part of the delivery process itself.

"Security in the Pipeline" is a practical, engineering-focused guide to integrating security directly into CI/CD workflows using DevSecOps principles.


Why DevSecOps matters

Traditional security approaches often fail because they arrive too late in the lifecycle.

Modern teams face challenges such as:

  • insecure code reaching production
  • exposed API keys and secrets
  • vulnerable dependencies in builds
  • lack of automated security testing
  • slow manual security reviews
  • fragmented security tooling across pipelines

DevSecOps solves this by embedding security into every stage of development.


What you will learn
  • fundamentals of DevSecOps architecture
  • shift-left security principles and workflows
  • static application security testing (SAST)
  • dynamic application security testing (DAST)
  • software composition analysis (SCA)
  • secrets detection and management strategies
  • secure CI/CD pipeline design
  • dependency and supply chain security
  • container and infrastructure scanning
  • automated security gates and policies

From reactive security to embedded protection

Throughout the book, you will learn how to:

  • integrate security tools into CI/CD pipelines
  • detect vulnerabilities before deployment
  • prevent secret leakage in codebases
  • enforce security policies automatically
  • reduce friction between developers and security teams
  • build continuous security feedback loops

Each chapter focuses on practical engineering workflows used in modern DevOps environments.


Practical applications
  • enterprise CI/CD pipelines
  • cloud-native application delivery
  • microservices security automation
  • containerized deployment workflows
  • API and backend systems security
  • startup and scale-up engineering teams

These examples reflect real production environments where speed and security must coexist.


Who this book is for
  • DevOps engineers
  • security engineers
  • software developers
  • platform engineers
  • cloud engineers
  • engineering teams building CI/CD systems

If you want to build pipelines that deliver software quickly without sacrificing security, this book provides the roadmap.

Build fast.
Secure early.
Protect every deployment.